<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Scenario: Propagate network authentication service and EIM across multiple systems" />
<meta name="abstract" content="This scenario demonstrates how to use the Synchronize Functions wizard in iSeries™ Navigator to propagate a single signon configuration across multiple systems in a mixed OS/400® release environment. Administrators can save time by configuring single signon once and propagating that configuration to all of their systems, instead of configuring each system individually." />
<meta name="description" content="This scenario demonstrates how to use the Synchronize Functions wizard in iSeries™ Navigator to propagate a single signon configuration across multiple systems in a mixed OS/400® release environment. Administrators can save time by configuring single signon once and propagating that configuration to all of their systems, instead of configuring each system individually." />
<meta name="DC.Relation" scheme="URI" content="rzamzscenarios.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcompletetheplanningworksheets3.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcreateasystemgroup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzpropagatesystemsettings.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzcompletetheconfigurationsfornetwork.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamzconfigurenetworkauthentication.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalveservercncpts.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakhconcept.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamzsynchconfig" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Scenario: Propagate network authentication service and EIM across multiple
systems</title>
</head>
<body id="rzamzsynchconfig"><a name="rzamzsynchconfig"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Scenario: Propagate network authentication service and EIM across multiple
systems</h1>
<div><p>This scenario demonstrates how to use the Synchronize Functions
wizard in iSeries™ Navigator to propagate a single signon configuration across
multiple systems in a mixed OS/400® release environment. Administrators can
save time by configuring single signon once and propagating that configuration
to all of their systems, instead of configuring each system individually.</p>
<div class="section" id="rzamzsynchconfig__situation"><a name="rzamzsynchconfig__situation"><!-- --></a><h4 class="sectionscenariobar">Situation</h4><p>You
are a network administrator for a large auto parts manufacturer. You manage
five systems with <span class="keyword">iSeries™ Navigator</span>.
One system operates as the central system, which stores data and manages the
endpoint systems. You have read about the benefits of single signon and you
want to configure a single signon environment for your enterprise. You have
just completed the process of setting up a <a href="rzamzenablesso.htm#rzamzenablesso">test environment</a> on one system and you want to extend
your single signon environment throughout the enterprise. You have four other
servers to configure and you want to find a way to configure them as efficiently
as possible.</p>
<p>You know that <span class="keyword">iSeries Navigator</span> provides
the Synchronize Functions wizard that allows you to copy the single signon
configuration from one system and apply it to other <span class="keyword">i5/OS™</span> V5R3
or later systems. This eliminates the need to configure each system separately.</p>
<p>However,
one of your systems runs <span class="keyword">OS/400<sup>®</sup></span> Version
5 Release 2 (V5R2). <span class="keyword">OS/400</span> V5R2
does not support the Synchronize Functions wizard, which means that you must
separately configure this system to match the current network authentication
service and EIM configurations on your model system.</p>
<div class="p">This scenario has
the following advantages:<ul><li>Simplifies the task of configuring network authentication service and
EIM on multiple systems to create a single signon environment.</li>
<li>Saves you time and effort as you use a single wizard to copy and apply
one manual configuration to a number of other servers.</li>
</ul>
</div>
</div>
<div class="section" id="rzamzsynchconfig__objective"><a name="rzamzsynchconfig__objective"><!-- --></a><h4 class="sectionscenariobar">Objectives</h4><p>As
the network administrator for MyCo, Inc., you want to create a single signon
environment for your enterprise in which all your servers will participate
and you want to configure your servers as quickly and easily as possible.</p>
<div class="p">The
objectives of this scenario are as follows:<ul><li><span class="keyword">iSeries</span> A has existing
network authentication service and EIM configurations from when it was set
up to create a <a href="rzamzenablesso.htm#rzamzenablesso">test
environment</a>. Consequently, <span class="keyword">iSeries</span> A
must be used as the model system for propagating these configurations to the
endpoint systems of <span class="keyword">iSeries</span> B
and <span class="keyword">iSeries</span> C.</li>
<li>All of the systems will be configured to join the same EIM domain and
must use the same Kerberos server and the same domain controller.<div class="note"><span class="notetitle">Note:</span> Refer
to <a href="rzamzdomains.htm#domains">Domains</a> to learn how two
types of domains, an EIM domain and a <span class="keyword">Windows<sup>®</sup> 2000</span> domain,
both fit into the single signon environment.</div>
</li>
<li><span class="keyword">iSeries</span> D, the <span class="keyword">OS/400</span> V5R2 system, must be configured
manually for network authentication service and EIM.</li>
</ul>
</div>
</div>
<div class="section" id="rzamzsynchconfig__details"><a name="rzamzsynchconfig__details"><!-- --></a><h4 class="sectionscenariobar">Details</h4><p>The
following figure illustrates the network environment for this scenario.</p>
<p><br /><img src="rzamz502.gif" alt="Propagate single signon across multiple systems diagram" /><br /></p>
<p>The figure illustrates the following points
relevant to this scenario.</p>
<p><strong><span class="keyword">Windows 2000</span> server</strong></p>
<ul><li>Acts as the Kerberos server, also known as the key distribution center
(KDC), for the network.</li>
<li>All users are registered with the Kerberos server on the <span class="keyword">Windows 2000</span> server.</li>
</ul>
<p><strong>iSeries MC1
- Central system</strong></p>
<ul><li>Runs on <span class="keyword">i5/OS</span> Version
5 Release 4 (V5R3) or later with the following options and licensed products
installed:<ul><li><span class="keyword">i5/OS</span> Host Servers
(5722-SS1 Option 12)</li>
<li><span class="keyword">iSeries Access for Windows</span> (5722-XE1)</li>
</ul>
</li>
<li>Stores, schedules, and runs synchronize functions tasks for each of the
endpoint systems.</li>
<li>Is configured for network authentication service and EIM.</li>
</ul>
<p><strong><span class="keyword">iSeries</span> A - Model
system </strong></p>
<div class="note"><span class="notetitle">Note:</span> The model system should be configured similarly to the
system identified as <span class="keyword">iSeries</span> A
in the <a href="rzamzenablesso.htm#rzamzenablesso">Scenario: Create a single signon test environment</a> scenario. Refer
to this scenario to ensure that all of the single signon configuration tasks
on the model system are completed and verified.</div>
<ul><li>Runs <span class="keyword">i5/OS</span> Version
5 Release 4 (V5R4) with the following options and licensed products installed:<ul><li><span class="keyword">i5/OS</span> Host Servers
(5722-SS1 Option 12)</li>
<li><span class="keyword">iSeries Access for Windows</span> (5722-XE1)</li>
</ul>
</li>
<li>Is configured for network authentication service and EIM.</li>
<li>Is the model system from which the network authentication service and
EIM configurations are propagated to the target systems.</li>
</ul>
<p><strong><span class="keyword">iSeries</span> B</strong></p>
<ul><li>Runs <span class="keyword">i5/OS</span> Version
5 Release 4 (V5R4) with the following options and licensed products installed:<ul><li><span class="keyword">i5/OS</span> Host Servers
(5722-SS1 Option 12)</li>
<li><span class="keyword">iSeries Access for Windows</span> (5722-XE1)</li>
</ul>
</li>
<li>Is one of the target systems for the propagation of network authentication
service and EIM configurations.</li>
</ul>
<p><strong><span class="keyword">iSeries</span> C</strong></p>
<ul><li>Runs <span class="keyword">i5/OS</span> Version
5 Release 4 (V5R4) with the following options and licensed products installed:<ul><li><span class="keyword">i5/OS</span> Host Servers
(5722-SS1 Option 12)</li>
<li><span class="keyword">iSeries Access for Windows</span> (5722-XE1)</li>
</ul>
</li>
<li>Is one of the target systems for the propagation of network authentication
service and EIM configurations.</li>
</ul>
<p><strong><span class="keyword">iSeries</span> D</strong></p>
<ul><li> Runs <span class="keyword">OS/400</span> Version
5 Release 2 (V5R2) with the following options and licensed products installed:<ul><li><span class="keyword">OS/400</span> Host Servers (5722-SS1
Option 12)</li>
<li><span class="keyword">iSeries Access for Windows</span> (5722-XE1)</li>
<li>Cryptographic Access Provider (5722-AC3)</li>
</ul>
</li>
<li>Has the following V5R2 PTFs (program temporary fixes) applied:<ul><li>SI08977</li>
<li>SI08979</li>
</ul>
</li>
<li>Requires separate, manual configuration of network authentication service
and EIM using the appropriate wizards in <span class="keyword">iSeries Navigator</span>.</li>
</ul>
<p><strong>Administrator's PC</strong></p>
<ul><li>Runs <span class="keyword">i5/OS</span> V5R4 <span class="keyword">iSeries Access for Windows</span> (5722-XE1).</li>
<li>Runs <span class="keyword">i5/OS</span> V5R4 <span class="keyword">iSeries Navigator</span> with the following subcomponents:<div class="note"><span class="notetitle">Note:</span> Only
required for the PC used to administer network authentication service.</div>
<ul><li>Network</li>
<li>Security</li>
</ul>
</li>
</ul>
</div>
<div class="section" id="rzamzsynchconfig__prereq"><a name="rzamzsynchconfig__prereq"><!-- --></a><h4 class="sectionscenariobar">Prerequisites
and assumptions</h4><p>Successful implementation of this scenario requires
that the following assumptions and prerequisites are met:</p>
<p><strong><span class="keyword">iSeries</span> MC1 - Central system prerequisites</strong></p>
<ol><li>All system requirements, including software and operating system installation,
have been verified.<div class="p">To verify that these licensed programs have been installed,
complete the following:<ol type="a"><li>In <span class="keyword">iSeries Navigator</span>, expand <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Configuration and Service</span> &gt; <span class="uicontrol">Software</span> &gt; <span class="uicontrol">Installed Products</span></span>.</li>
<li>Ensure that all the necessary licensed programs are installed.</li>
</ol>
</div>
</li>
<li>All necessary hardware planning and setup is complete.</li>
<li>TCP/IP and basic system security are configured and tested.</li>
<li>Secure Sockets Layer (SSL) has been configured to protect the transmission
of data between these servers. <div class="note"><span class="notetitle">Note:</span> When you propagate network authentication
service configurations among servers, sensitive information such as passwords
is sent across the network. You should use SSL to protect this information,
especially if it is being sent outside your Local Area Network (LAN). See <a href="../rzain/rzainmc.htm">Scenario: Secure all
connections to your Management Central server with SSL</a> for details.</div>
</li>
</ol>
<p><strong><span class="keyword">iSeries</span> A - Model
system prerequisites</strong></p>
<div class="note"><span class="notetitle">Note:</span> This scenario assumes that <span class="keyword">iSeries</span> A
is properly configured for single signon. Refer to the <a href="rzamzenablesso.htm">Scenario: Create a single signon test environment</a> scenario
to ensure that all of the single signon configuration tasks on the model system
are completed and verified.</div>
<ol><li>All system requirements, including software and operating system installation,
have been verified.<div class="p">To verify that these licensed programs have been installed,
complete the following:<ol type="a"><li>In <span class="keyword">iSeries Navigator</span>, expand <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Configuration and Service</span> &gt; <span class="uicontrol">Software</span> &gt; <span class="uicontrol">Installed Products</span></span>.</li>
<li>Ensure that all the necessary licensed programs are installed.</li>
</ol>
</div>
</li>
<li>All necessary hardware planning and setup is complete.</li>
<li>TCP/IP and basic system security are configured and tested.</li>
<li>Secure Sockets Layer (SSL) has been configured to protect the transmission
of data between these servers. <div class="note"><span class="notetitle">Note:</span> When you propagate network authentication
service configurations among servers, sensitive information such as passwords
is sent across the network. You should use SSL to protect this information,
especially if it is being sent outside your Local Area Network (LAN). See <a href="../rzain/rzainmc.htm">Scenario: Secure all
connections to your Management Central server with SSL</a> for details.</div>
</li>
</ol>
<p><strong><span class="keyword">iSeries</span> B, <span class="keyword">iSeries</span> C, and <span class="keyword">iSeries</span> D
- Endpoint systems prerequisites</strong></p>
<ol><li>All system requirements, including software and operating system installation,
have been verified.<div class="p">To verify that these licensed programs have been installed,
complete the following:<ol type="a"><li>In <span class="keyword">iSeries Navigator</span>, expand <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Configuration and Service</span> &gt; <span class="uicontrol">Software</span> &gt; <span class="uicontrol">Installed Products</span></span>.</li>
<li>Ensure that all the necessary licensed programs are installed.</li>
</ol>
</div>
</li>
<li>All necessary hardware planning and setup is complete.</li>
<li>TCP/IP and basic system security are configured and tested.</li>
<li>Secure Sockets Layer (SSL) has been configured to protect the transmission
of data between these servers. <div class="note"><span class="notetitle">Note:</span> When you propagate network authentication
service configurations among servers, sensitive information such as passwords
is sent across the network. You should use SSL to protect this information,
especially if it is being sent outside your Local Area Network (LAN). See <a href="../rzain/rzainmc.htm">Scenario: Secure all
connections to your Management Central server with SSL</a> for details.</div>
</li>
</ol>
<p><strong><span class="keyword">Windows 2000</span> server
prerequisites</strong></p>
<ol><li>All necessary hardware planning and setup have been completed.</li>
<li>TCP/IP has been configured and tested on the server.</li>
<li><span class="keyword">Windows 2000</span> domain has been
configured and tested.</li>
<li>All users within your network have been added to the Kerberos server.</li>
</ol>
</div>
<div class="section" id="rzamzsynchconfig__steps"><a name="rzamzsynchconfig__steps"><!-- --></a><h4 class="sectionscenariobar">Configuration
steps</h4><div class="p">To propagate the network authentication service and EIM configurations
from the model system, <span class="keyword">iSeries</span> A,
to the endpoint systems, <span class="keyword">iSeries</span> B
and <span class="keyword">iSeries</span> C,
you must complete the following tasks:<div class="note"><span class="notetitle">Note:</span> You need to understand the concepts
related to single signon, which include network authentication service and
Enterprise Identity Mapping (EIM) concepts, before you implement this scenario.
See the following information to learn about the terms and concepts related
to single signon:</div>
</div>
</div>
</div>
<div>
<ol>
<li class="olchildlink"><a href="rzamzcompletetheplanningworksheets3.htm">Complete the planning work sheets</a><br />
</li>
<li class="olchildlink"><a href="rzamzcreateasystemgroup.htm">Create a system group</a><br />
</li>
<li class="olchildlink"><a href="rzamzpropagatesystemsettings.htm">Propagate system settings from the model system (iSeries A) to iSeries B and iSeries C</a><br />
</li>
<li class="olchildlink"><a href="rzamzcompletetheconfigurationsfornetwork.htm">Complete the configurations for network authentication service and EIM on iSeries B and iSeries C</a><br />
</li>
<li class="olchildlink"><a href="rzamzconfigurenetworkauthentication.htm">Configure network authentication service and EIM on the V5R2 or later system, iSeries D</a><br />
</li>
</ol>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzscenarios.htm" title="Use this information to review scenarios that illustrate typical single signon implementation situations to help you plan your own certificate implementation as part of your server security policy.">Scenarios</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzalv/rzalveservercncpts.htm">Enterprise Identity Mapping (EIM)</a></div>
<div><a href="../rzakh/rzakhconcept.htm">Network authentication service</a></div>
</div>
</div>
</body>
</html>